The only case when having an application source would be a vulnerability is when the application itself has a serious flaw, for example
- Is employing a security through obscurity technique,
- Embeds a secret in the body of the program,
- Makes a mistake in implementing a well-known algorithm that opens up the implementation to an attack.
Essentially, your product becomes more vulnerable when an attacker has its source, because the attacker can more easily spot your coding mistakes. However, it's coding mistakes that make your application crackable, not the fact that an attacker has your source code.